It has been possible to integrate VMware vCenter with ACI for years. However, more and more environments are dependent on NSX-T to manage their VMware infrastructure. They use NSX to deploy port groups and more. When your environment runs both ACI and NSX-T you might be interested in integrating the two. There are some benefits to this integration. Most benefits are the same as the benefits you get from integrating ACI and vCenter.
This is a short post about the SSD issue in ACI leaf switches. Now that ACI fabrics are approaching 5 or 6 years of operation, people are starting to notice error codes F3073 and F3074. When you Google these faults you’re likely to find this technote from Cisco. The issue is that the SSDs in the switches are nearing the end of their life. Error F3074 will tell you the SSD has reached 80% of its lifetime and F3073 is raised when the SSD reaches 90% of its lifetime.
ACI 5.1 was released about three months ago. That means that ACI 5.2 is likely imminent. Usually I review a version when it becomes available, like I’ve done for versions 3.2, 4.0, 4.2, 5.0 and 5.1. I will do something similar when 5.2 is released, but for now I thought it would be nice to speculate a bit. Disclaimer: The information provided in this blog is purely speculation. I did not talk to Cisco to obtain any of this information.
Cisco ACI is a policy-based fabric. This means that the complete environment is modelled in objects. When you look at the ACI fundamentals guide you’ll find the model explained in steps. This post covers the tenant policy model. The tenant policy model is a part of the overall model directly located under the root of the model. This shows that the tenant policy model is one of the most important parts of ACI.
I’m honored and thrilled to be nominated as an IT Blog Award finalist in the category “most educational”. This blog started as a way to help myself learn stuff. I try to put things in words that are easy to understand. This nomination is a sign that I’m doing something right with this. Especially when you see my fellow nominees in this category. Each of those blogs is awesome and I’m honored (yes, I said that already) to be listed among them.
On October 26, 2020 Cisco released ACI version 5.1. As has been customary for me, I am writing a blog post about this new ACI version, looking into some of the new features. When we look into the release notes of version 5.1 it would appear that there aren’t any major new features. The biggest new features aren’t listed in the release notes at this time. That might be because some of these features are as yet undocumented.
ACI is made for automation. There are a lot of blog posts about automating ACI out there, but this is some documentation of my own progress on this matter. I’m no complete beginner in the field of automation. When I stage an ACI environment for a customer I use several scripts that automate almost 95% of the process for me. However, these scripts are homegrown and one of the issues I encounter is the lack of portability to other engineers (as I know the scripts by heart and know which things work and which do not).
In my post about the new features of ACI 5.0 (link) I briefly explained the concept of the ESG. This post explores the Endpoint Security Groups in more detail. First we need to appreciate the fact that the introduction of the Endpoint Security Groups is the biggest change in the tenant policy model since ACI’s inception. The tenant policy model hasn’t changed in any major way since ACI 1.0 (as far as I know).
Yesterday, on the 14th of May 2020, Cisco released ACI 5.0, the fifth major release of ACI. This post will explore some of the new features to be found in this version. And there are some major new features to be found in this version. I’m especially excited about the possibility to create true physical multi-tenancy and ESGs. But there’s more to be found. Let’s start. Hardware and Scale ACI 5.
I’m working on a series of posts concerning service graphs in ACI. For these posts I configured some things in my lab to demonstrate these functions. The series will take a long time for me to complete. To bridge the time between posts I decided to create a post about the PBR firewall integration I did in my lab. This post does not cover reasons for using PBR in great detail, but in my opinion the PBR type of service graphs are the most likely type to be encountered.